Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume IX - Issue #41

May 22, 2007

Note to Washington DC area security professionals: Please invite two or three of your programmers (or contractor programmers) to participate in the pilot test of the new secure coding exams in C or Java, on August 14 in Washington DC. Pilot participants will be contributing to the improvement of the exams and will be eligible to earn secure programming certification. Participants' names will be entirely confidential. Those who sign up in the next few days will get an invitation to a webcast that helps them ensure they know what will be covered and where to find study materials. Exam blueprints and details at: http://www.sans.org/gssp07/ Test information: www.sans-ssi.org Questions: spa@sans.org

The US House Committee on Homeland Security wants the Nuclear Regulatory Commission (NRC) to conduct a deeper investigation into an apparent data spike that forced operators at the Brown's Ferry nuclear power plant in Alabama to shut down the plant's reactor in August 2006. The operators shut down the reactor after two water recirculation pumps failed due to what an NRC notice called a "data storm," which appeared to be caused by a malfunctioning variable frequency drive (VFD) controller. The committee is urging further investigation because there is speculation that the incident could have been triggered by activity from outside the plant. A letter from the Committee's Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology reads, "Unless and until the cause of the excessive network load can be explained, there is no way for either the licensee or the NRC to know that this was not an external DDoS attack." The letter expresses "deep reservations about the NRC's hesitation to conduct a special investigation into this incident." The NRC has until June 14 to respond to the letter. -http://www.securityfocus.com/news/11465 -http://www.scmagazine.com/us/news/article/658709/congressmen-want-explanation-possible-nuclear-power-plant-cybersecurity-incident/ -http://homeland.house.gov/press/index.asp?ID=212

THE REST OF THE WEEK'S NEWS

LEGAL MATTERS

Convicted Movie Pirate Loses Appeal (May 18, 2007)

A Hong Kong man convicted of making movies available for download over the BitTorrent peer-to-peer (P2P) file-sharing network has lost his appeal. Chan Nai-ming will serve a three-month prison sentence for distributing three movies, "Daredevil," "Miss Congeniality," and "Red Planet," in 2005. The defense argued that Chan merely uploaded the movies but did not distribute them; the judges said that by his actions, Chan "enabled people to download" the films. -http://www.theage.com.au/news/Technology/Hong-Kong-man-loses-Internet-piracy-appeal/2007/05/18/1178995401345.html

New Gozi Trojan Variant Spreading (May 19, 2007)

A new variant of the Gozi Trojan horse program has been spreading since mid-April. The malware grabs data from encrypted SSL streams and sends it back to a server in Russia. The upstream ISP cut off the server's Internet connection once it was alerted to the situation. The malware has gathered sensitive information, including bank account and credit card numbers, user names, passwords and Social Security numbers (SSNs) of more than 2,000 people. Changes apparent in the new version of Gozi include the addition of a packer utility that helps the malware evade detection by standard virus signatures and a keystroke logging capability that increases the amount of information it can steal. Gozi exploits a known flaw in Microsoft's Internet Explorer (IE) iFrame tags. -http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9019978&source=rss_topic17

Critical Flaws in Java Development Kit (May 17, 2007)

Java Development Kit users running version 1.x are encouraged to upgrade to protect their systems from two remotely exploitable flaws. The first flaw is an integer overflow error in the image parser that occurs when processing ICC profiles embedded in JPEG images; the flaw could be exploited to crash the JVM (Java Virtual Machine) and possibly allow arbitrary code execution. The second flaw is due to an error in the BMP image parser when parsing malformed files on Unix/Linux systems and could be exploited to cause denial-of-service conditions. Sun Microsystems has released JDK versions 1.5.0_11-b03 and 1.6.0_01-b06 to address the flaws. -http://www.eweek.com/print_article2/0,1217,a=207757,00.asp

Nevada College Server Infected (May 17, 2007)

A server at the Community College of Southern Nevada (CCSN) was hit with a virus in February, 2007, compromising the personal data of nearly 200,000 current and former students. The attack occurred while the network was being reconfigured. The data included in the SQL database include names, SSNs and birth dates. An investigation "did not conclusively determine whether any information had been accessed or acquired." CCSN sent letters to all affected individuals and has established a website to provide people with additional information. -http://www.scmagazine.com/us/news/article/658373/virus-compromises-200000-records-community-college-southern-nevada/

MISCELLANEOUS

University Hosts Hacking Challenge for Teens (May 21, 2007)

Iowa State University held a cyber defense challenge for high school students, pitting 19 blue teams against a red team composed of security experts bent on infiltrating and causing trouble on the students' networks. First place went to West Des Moines Valley High School for the second year in a row; one team member noted that they won by "watch[ing their] network activity like a hawk." -http://cosmiclog.msnbc.msn.com/archive/2007/05/21/199009.aspx

Memorial Day Week NewsBites Publication Schedule

Next week, NewsBites will be published just once, on Thursday, May 31. The following week, we will be back to our usual Tuesday and Friday publications.

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.

Howard A. Schmidt served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.

Ed Skoudis is co-founder of Intelguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Tom Liston is a Senior Security Consultant and Malware Analyst for Intelguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Bruce Schneier has authored eight books -- including BEYOND FEAR and SECRETS AND LIES -- and dozens of articles and academic papers. Schneier has regularly appeared on television and radio, has testified before Congress, and is a frequent writer and lecturer on issues surrounding security and privacy.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Mark Weatherford, CISSP, CISM, is the Chief Information Security Officer for the State of Colorado.

Alan Paller is director of research at the SANS Institute.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Rohit Dhamankar is the Lead Security Architect at TippingPoint, a division of 3Com, and authors the critical vulnerabilities section of the weekly SANS Institute's @RISK newsletter and is the project manager for the SANS Top20 2005 and the Top 20 Quarterly updates.

Koon Yaw Tan leads the cyber threat intent team for Infocomm Development Authority (IDA) of the Singapore government.

Chuck Boeckman is a Principal Information Security Engineer at a non-profit federally funded research and development corporation that provides support to the federal government.

Gal Shpantzer is a trusted advisor to several successful IT outsourcing companies and was involved in multiple SANS projects, such as the E-Warfare course and the Business Continuity Step-by-Step Guide.

Brian Honan is an independent security consultant based in Dublin, Ireland.

Roland Grefer is an independent consultant based in Clearwater, Florida.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/